IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
Hello! I am having some major issues with my Windows 7 Starter netbook. Earlier today I downloaded and tried to run an executable. It must have been viral somehow. As soon as I opened it my computer froze. When I rebooted I was presented with a BSOD (0x0000008E). I tried Safe Mode and got the same result. I tested my RAM and there does not appear to be any kind of hardware failure.

I did some research on the BSOD and think I have Backdoor.Rustock.B. The computer will sit at the desktop for about 30 seconds before it BSODs in both Safe Mode and normal mode. There isn't enough time to run any diagnostics before kernel failure.

I am able to boot up into the Windows Recovery Console; however, the System Restore wizard says that there are no restore points on the system disk. I can access the command prompt. I located my Windows installation (drive E relative to the recovery console) and tried to manually copy the SYSTEM, SAM, SECURITY, etc. hives from the included backups within the config folder; however, this didn't fix the problem either.

I know that System Restore WAS working before I got this rootkit. If I can find the registry backups, I am literate enough to copy them manually from the recovery console. Does anybody know where it stores its registry backups on the drive?

Also, I am able to offline edit the registry through the recovery console as well, but I have no idea what I'm looking for... Do you guys have any ideas as to where I can even start?

Worst case scenario, I can copy my data off using the recovery console and re-image my Windows partition... but I really don't want to do that. Any ideas and/or suggestions would be much appreciated. :)

Thank you!
 